That's remotely hosted code...also a problem, but you can inject code that's not remotely hosted.
The point is that it’s a different permission.
https://news.ycombinator.com/item?id=41812416
If you are really privacy conscientious, ad blocking extensions should be able to exist without any access to web requests now.
alt Hacker News
The point is that it’s a different permission.
https://news.ycombinator.com/item?id=41812416
If you are really privacy conscientious, ad blocking extensions should be able to exist without any access to web requests now.